# go to your home dir and download it
cd ~
wget http://apache.cs.utah.edu/tomcat/tomcat-9/v9.0.22/bin/apache-tomcat-9.0.22.tar.gz
tar xzvf apache-tomcat-9.0.22.tar.gz

# make destination dir
sudo mkdir /opt/tomcat

# move unpackaged dir from home to /opt
sudo mv ~/apache-tomcat-9.0.22 /opt/tomcat/

# create symlink to current so we only use /opt/tomcat/current in the future
sudo ln -s /opt/tomcat/apache-tomcat-9.0.22/ /opt/tomcat/current

# create a user who can't log in
sudo adduser --no-create-home --disabled-login tomcat

# change ownership to user tomcat
sudo chown -r tomcat:tomcat /opt/tomcat/

# show me how it looks
ls -la /opt/tomcat

# become root
sudo su

# become tomcat
su tomcat

# go to config dir
cd /opt/tomcat/current/conf


# wipe the users file:
echo "" > /opt/tomcat/current/conf/tomcat-users.xml
 
# add your own users (press ENTER if warned that you have no home directory as user tomcat)
nano /opt/tomcat/current/conf/tomcat-users.xml
 
# and paste this, make sure to update the YOUR_PASSWORD_HERE section below:
 
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users xmlns="http://tomcat.apache.org/xml"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
version="1.0">
<role rolename="manager-gui"/>
<role rolename="manager-script"/>
<role rolename="manager-jmx"/>
<role rolename="admin-gui"/>
<role rolename="admin-script"/>
<user username="admin" password="YOUR_PASSWORD_HERE" roles="manager-gui,manager-script,manager-jmx,admin-gui,admin-script"/>
</tomcat-users>


# Allow connections from another IP:

# wipe the file
echo "" > /opt/tomcat/current/webapps/host-manager/manager.xml

# edit it (press ENTER if warned that you have no tomcat home dir)
nano /opt/tomcat/current/webapps/host-manager/manager.xml
 
# paste these contents:
<Context privileged="true" antiResourceLocking="false"
docBase="${catalina.home}/webapps/manager">
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="^.*$" />
</Context>
 
# take a look at your context.xml
cat /opt/tomcat/current/webapps/manager/META-INF/context.xml
 
# run this line to insert a rule to allow connections from other IPs:
sed -i 's/allow="127\\.\\d+\\.\\d+\\.\\d+|::1|0:0:0:0:0:0:0:1"/allow="\\d+\\.\\d+\\.\\d+\\.\\d+"/g' /opt/tomcat/current/webapps/manager/META-INF/context.xml
 
# take a look at your context.xml again
cat /opt/tomcat/current/webapps/manager/META-INF/context.xml


# exit from being user tomcat
exit



# you should now be ROOT again, or the user who can run sudo



# Create a startup script:
sudo nano /etc/init.d/tomcat
 
# paste these contents below. It does a /bin/su tomcat (to run things as user tomcat)
 
#!/bin/bash
### BEGIN INIT INFO
# Provides: tomcat9
# Required-Start: $network
# Required-Stop: $network
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start/Stop Tomcat server
### END INIT INFO
 
PATH=/sbin:/bin:/usr/sbin:/usr/bin
 
start() {
cd /opt/tomcat/current/bin/
/bin/su tomcat /opt/tomcat/current/bin/startup.sh
}
 
stop() {
/bin/su tomcat /opt/tomcat/current/bin/shutdown.sh
}
 
restart() {
stop
start
}
 
case $1 in
start|stop) $1;;
restart) stop; start;;
*) echo "Run as $0 <start|stop|restart>"; exit 1;;
esac



# make it executable
sudo chmod u+x /etc/init.d/tomcat
 
# add it to auto-start
sudo update-rc.d tomcat defaults
 
# check that tomcat is NOT running
ps aux | grep tomcat | grep -v grep


# Restart server to see that Tomcat starts automatically:

# restart the server to test the auto-start
sudo shutdown -r now
 
# once the server is started, check that tomcat is running
ps aux | grep tomcat | grep -v grep
 
# tail the log file
sudo tail -F /opt/tomcat/current/logs/catalina.out

# next go to the /manager web console and log in as admin / your pass
http://your-ip-here:8080/manager
# and Undeploy the /docs, and the /examples apps.